package com.zf.yichat.utils;

import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;

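/**
 * Directory-traversal (path traversal) check for URLs and paths.
 *
 * <p>The check is a deny-list substring match on the string exactly as it is
 * passed in. It does not decode or normalise its input, so percent-encoded
 * forms (for example {@code %2e%2e%2f}) and a trailing {@code ..} with no
 * separator are not matched. Callers should pass the fully decoded value and
 * should still verify that the resolved, normalised path stays inside the
 * intended base directory before touching the file system.
 *
 * @author qunn
 */
@Slf4j
public class CatalogAttackSafeUtil {

	/** Traversal sequences that are looked for: {@code ../} and {@code ..\}. */
	private static final String[] BLACK_LIST = {"../", "..\\"};

	/**
	 * Reports whether the URL contains a directory-traversal sequence
	 * ({@code ../} or {@code ..\}).
	 *
	 * <p>Despite the method name, {@code true} means the URL is <em>illegal</em>
	 * (a traversal sequence was found) and {@code false} means none was found.
	 *
	 * @param url the URL or path to inspect; may be {@code null} or blank
	 * @return {@code true} if a deny-listed sequence is present; {@code false}
	 *         if none is present or the input is {@code null}/blank
	 */
	public static boolean validateUrl(String url) {
		if (StringUtils.isBlank(url)) {
			return false;
		}
		for (String sequence : BLACK_LIST) {
			if (url.contains(sequence)) {
				// Return on the first hit so one request yields one log line,
				// and log a neutralised copy: the value is attacker-controlled
				// and could otherwise forge extra log entries with CR/LF.
				log.warn("非法url：{}", sanitizeForLog(url));
				return true;
			}
		}
		return false;
	}

	/**
	 * Replaces control characters and Unicode line/paragraph separators with
	 * {@code _} so an untrusted value cannot break out of its log line.
	 */
	private static String sanitizeForLog(String value) {
		StringBuilder cleaned = new StringBuilder(value.length());
		for (int i = 0; i < value.length(); i++) {
			char c = value.charAt(i);
			boolean lineBreaking = Character.isISOControl(c) || c == '\u2028' || c == '\u2029';
			cleaned.append(lineBreaking ? '_' : c);
		}
		return cleaned.toString();
	}
}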
